>On Tue, Jan 13, 2009 at 5:12 AM, <[email protected]> wrote: >> >> I see no reason for "access(file, X_OK))" should return 0 for >> ordinary files which have no execute bit set. >> >> I think we can just change that. > >This behaviour is controlled by the file_dac_execute privilege. >Processes running as root will always get this privilege in their >Effective set, since processes generally have the file_dac_execute >privilege in the Limit set, and when something is executed as root >(e.g. via a setuid binary) the Permitted and Effective sets are set to >Limit [1]. Would a reasonable solution be to modify this code to not >copy the file_dac_execute privilege into the Effective set (processes >that really want this behaviour could still call ppriv(1)/setppriv(2) >to add it to their Effective set)? > >[1] >http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/os/priv.c#624
I think that would be wrong. Because if you CAN execute a file as root because it has at least one x bit set, then access(file, X_OK) should return 0. Casper _______________________________________________ opensolaris-code mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
